Introduction to Row Level Security. Examining access rights differentiation systems implemented in Oracle and PostgreSQL

There are many ways to show the user only the data they need. Row level security (RLS) is one of the most universal, simple, and reliable mechanisms for ensuring that data is presented only to persons having the required access rights. In this article, I will show that there is nothing really difficult in RLS and will explain how to set up an access rights differentiation system using the database tools and without affecting performance much.

Right to root. Privilege escalation in Linux

Root privileges allow you to do whatever you want in the system: establish a foothold by creating a backdoor, inject a rootkit or a trojan, alter or delete any information, etc. Accordingly, privilege escalation is one of your primary objectives during an attack. In this article, I will explain how to gain root rights on Linux systems.

OSCP exam and how to pass it

Every information security specialist is aware of the OSCP certification. It takes plenty of time to prepare for this exam, then it takes a whole day to take it, and then you produce a write-up describing your experience. Those willing to take the OSCP exam post tons of questions on Twitter, on Reddit, and on specialized forums. In this article, I will try to give answers to the most common and basic questions on this matter.